Memory unsafety in used crate nix #3

Open
Ganneff opened this issue Mar 23, 2022 · 0 comments
Ganneff commented Mar 23, 2022

Hi

cargo-deny, a useful thing, has the error pasted below for the nix crate version that home-dir is using.
An update to something more recent would be nice.

Greetings,
Ganneff

```
error[A001]: Out-of-bounds write in nix::unistd::getgrouplist
│ nix 0.18.0 registry+https://github.com/rust-lang/crates.io-index
│ ---------------------------------------------------------------- security vulnerability detected

= ID: RUSTSEC-2021-0119
= Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0119
= On certain platforms, if a user has more than 16 groups, the
nix::unistd::getgrouplist function will call the libc getgrouplist
function with a length parameter greater than the size of the buffer it
provides, resulting in an out-of-bounds write and memory corruption.

 The libc `getgrouplist` function takes an in/out parameter `ngroups`
 specifying the size of the group buffer. When the buffer is too small to
 hold all of the reqested user's group memberships, some libc
 implementations, including glibc and Solaris libc, will modify `ngroups`
 to indicate the actual number of groups for the user, in addition to
 returning an error. The version of `nix::unistd::getgrouplist` in nix
 0.16.0 and up will resize the buffer to twice its size, but will not
 read or modify the `ngroups` variable. Thus, if the user has more than
 twice as many groups as the initial buffer size of 8, the next call to
 `getgrouplist` will then write past the end of the buffer.

 The issue would require editing /etc/groups to exploit, which is usually
 only editable by the root user.

= Announcement: nix-rust/nix#1541
= Solution: Upgrade to ^0.20.2 OR ^0.21.2 OR ^0.22.2 OR >=0.23.0
= nix v0.18.0
└── home-dir v0.1.0
```
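The retry contract the advisory describes, as an added C example (not code from nix, home-dir or this issue): the length passed to `getgrouplist` must be reset to the real allocation before every call. The names `fake_lookup`, `stale_length_overrun` and `groups_for` are hypothetical, and the 20-group user is constructed sample data.

```c
#include <limits.h>
#include <stdlib.h>
#include <sys/types.h>

/* Same in/out contract as glibc getgrouplist(3) (assumed signature). */
typedef int (*lookup_fn)(const char *, gid_t, gid_t *, int *);
enum { FAKE_GROUPS = 20 };  /* constructed: a user in 20 groups (more than 16) */

/* Constructed stand-in for libc: fills at most *n slots, then reports the true
 * count in *n and returns -1 if the buffer was too small (glibc behaviour). */
static int fake_lookup(const char *user, gid_t base, gid_t *out, int *n) {
    (void)user;
    int room = *n;
    for (int i = 0; i < room && i < FAKE_GROUPS; i++) out[i] = base + (gid_t)i;
    *n = FAKE_GROUPS;
    return room < FAKE_GROUPS ? -1 : FAKE_GROUPS;
}

/* Arithmetic replay of the flawed retry (no memory is touched). Returns how
 * many entries past the end the second call would be allowed to write. */
int stale_length_overrun(int actual) {
    int cap = 8, len = 8;
    if (actual <= cap) return 0;   /* first call succeeds */
    len = actual;                  /* libc overwrote the in/out length */
    cap *= 2;                      /* buffer resized, len left untouched */
    return len > cap ? len - cap : 0;
}

/* Hardened retry: the length handed to libc always equals the allocation,
 * and libc's reported count drives the resize. Caller frees the result. */
gid_t *groups_for(lookup_fn lookup, const char *user, gid_t base, int *count) {
    int cap = 8;
    gid_t *buf = NULL;
    for (;;) {
        gid_t *tmp = realloc(buf, (size_t)cap * sizeof *tmp);
        if (!tmp) { free(buf); return NULL; }
        buf = tmp;
        int n = cap;                           /* never a stale value */
        if (lookup(user, base, buf, &n) >= 0) { *count = n; return buf; }
        if (n > cap) cap = n;                  /* libc told us the size */
        else if (cap <= INT_MAX / 2) cap *= 2; /* libc left n alone: grow */
        else { free(buf); return NULL; }
    }
}

int main(void) {
    int n = 0;
    gid_t *g = groups_for(fake_lookup, "demo", 1000, &n);
    int ok = g && n == FAKE_GROUPS && stale_length_overrun(FAKE_GROUPS) == 4;
    free(g);
    return ok ? 0 : 1;
}
```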

drewdeponte added a commit to uptech/home-dir that referenced this issue Jun 18, 2022
Upgrade nix dependency as there have been a number of security fixes
made in nix that we should make sure we get.

This should also address issue eulegang#3.